<?php
/* This file is part of LlamaSlayers Ajax Chat
 *
 * The source code is released under the GNU GPL free software license, version 3.
 * Updates can be found at http://llamaslayers-ajax-chat.googlecode.com/
 */

header( 'Content-Type: text/plain' );

switch ( $_GET['g'] ) {
	case 'key':
		session_start();
		if ( !empty( $_SESSION['authenticated'] ) )
			exit;
		if ( $_SESSION['key_given'] < time() - 1800 ) { // Don't give another key until 30 minutes have passed
			$_SESSION['key_given'] = time();
			$_SESSION['key'] = '';
			for ( $i = 0; $i < 24; $i++ ) {
				$_SESSION['key'] .= chr( mt_rand( 32, 126 ) );
			}
		}
		die( $_SESSION['key'] );
	case 'login':
		/**
		 * Returns a JSON-encoded array with two items:
		 *
		 * Index 0 is a four character representation of the status of the login attempt:
		 *  err!: There was a mistake with the login attempt - This could be the lack of a key or a username that has illegal characters in it.
		 *	pre.: Already logged in
		 *	yes!: Successful login
		 *	pass: Incorrect password
		 *	who?: Username is not registered, but can be
		 *	nevr: Username is not able to be registered
		 *
		 * Index 1 is the username
		 */
		require_once dirname( __FILE__ ) . '/config.php';
		require_once dirname( __FILE__ ) . '/des.php';
		require_once dirname( __FILE__ ) . '/superhash.php';

		header( 'Content-Type: application/json' );

		session_start();
		if ( !empty( $_SESSION['authenticated'] ) )
			die( json_encode( array( 'pre.', $_SESSION['authenticated'] ) ) );

		$_u = trim( $_GET['u'] );
		$_GET['u'] = trim( strtolower( $_GET['u'] ) );

		foreach ( str_split( $_GET['u'] ) as $u ) {
			if ( in_array( $u, str_split( 'abcdefghijklmnopqrstuvwxyz0123546789-_ ~`' ) ) )
				continue;
			die( json_encode( array( 'err!', $_GET['u'] ) ) );
		}
		if ( empty( $_SESSION['key'] ) || $_SESSION['key_given'] < time() - 3600 )
			die( json_encode( array( 'err!', $_GET['u'] ) ) );

		if ( file_exists( dirname( __FILE__ ) . '/db/user/' . $_GET['u'] . '.txt' ) ) {
			$pass = des( $_SESSION['key'], hexToString( $_GET['p'] ), 0, 0, null, 0 );
			$user = array_filter( array_map( 'trim', file( dirname( __FILE__ ) . '/db/user/' . $_GET['u'] . '.txt' ) ) );
			if ( base64_encode( superhash( $pass, $user[0] ) ) == $user[0] ) {
				$_SESSION['authenticated'] = $_GET['u'];
				$_SESSION['name'] = $_u;
				die( json_encode( array( 'yes!', $_GET['u'] ) ) );
			} else {
				die( json_encode( array( 'pass', $_GET['u'] ) ) );
			}
		} else {
			if ( in_array( $_GET['u'], (array)$block_username_registration ) || strlen( $_GET['u'] ) < MIN_USERNAME_LENGTH ) {
				die( json_encode( array( 'nevr', $_GET['u'] ) ) );
			} else {
				die( json_encode( array( 'who?', $_GET['u'] ) ) );
			}
		}
	case 'register':
		require_once dirname( __FILE__ ) . '/config.php';
		require_once dirname( __FILE__ ) . '/des.php';
		require_once dirname( __FILE__ ) . '/superhash.php';

		session_start();
		if ( !empty( $_SESSION['authenticated'] ) )
			die( '0' );

		$_u = trim( $_GET['u'] );
		$_GET['u'] = trim( strtolower( $_GET['u'] ) );

		foreach ( str_split( $_GET['u'] ) as $u ) {
			if ( in_array( $u, str_split( 'abcdefghijklmnopqrstuvwxyz0123546789-_ ~`' ) ) )
				continue;
			die( '0' );
		}
		if ( empty( $_SESSION['key'] ) || $_SESSION['key_given'] < time() - 3600 )
			die( '0' );

		if ( in_array( $_GET['u'], (array)$block_username_registration ) || strlen( $_GET['u'] ) < MIN_USERNAME_LENGTH )
			die( '0' );

		if ( file_exists( dirname( __FILE__ ) . '/db/user/' . $_GET['u'] . '.txt' ) )
			die( '0' );

		$pass = des( $_SESSION['key'], hexToString( $_GET['p'] ), 0, 0, null, 0 );
		file_put_contents( dirname( __FILE__ ) . '/db/user/' . $_GET['u'] . '.txt', base64_encode( superhash( $pass ) ) . "\n0\nverified-user-default" );

		$_SESSION['authenticated'] = $_GET['u'];
		$_SESSION['name'] = $_u;
		die( '1' );
	case 'availicons':
		header( 'Content-Type: application/json' );

		$icons = glob( dirname( __FILE__ ) . '/icons/*_small.png' );
		foreach ( $icons as &$icon ) {
			$icon = substr( basename( $icon ), 0, -10 );
		}

		function validicon( $icon ) {
			return strlen( $icon ) <= 31 && file_exists( dirname( __FILE__ ) . '/icons/' . $icon . '_large.png' );
		}
		$icons = array_filter( $icons, 'validicon' );

		die( json_encode( $icons ) );
	case 'seticon':
		session_start();
		if ( empty( $_SESSION['authenticated'] ) )
			die( '0' );

		if ( strlen( $_GET['i'] ) < 32 &&
			file_exists( dirname( __FILE__ ) . '/icons/' . str_replace( '/', '', $_GET['i'] ) . '_small.png' ) &&
			file_exists( dirname( __FILE__ ) . '/icons/' . str_replace( '/', '', $_GET['i'] ) . '_large.png' ) ) {
			$user = file( dirname( __FILE__ ) . '/db/user/' . $_SESSION['authenticated'] . '.txt' );
			$user[2] = $_GET['i'] . "\n";
			file_put_contents( dirname( __FILE__ ) . '/db/user/' . $_SESSION['authenticated'] . '.txt', trim( implode( '', $user ) ) );
			die( '1' );
		}
		die( '0' );
	default:
		header( 'Status: 400' );
		echo 'Error';
}

?>